Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-02 | CVE-2023-50936 | Insufficient Session Expiration vulnerability in IBM Powersc 1.3/2.0/2.1 IBM PowerSC 1.3, 2.0, and 2.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | 8.8 |
| 2024-02-02 | CVE-2023-50937 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Powersc 1.3/2.0/2.1 IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2024-02-02 | CVE-2023-50940 | Incorrect Comparison vulnerability in IBM Powersc 1.3/2.0/2.1 IBM PowerSC 1.3, 2.0, and 2.1 uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains. | 9.8 |
| 2024-02-02 | CVE-2023-50939 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Powersc 1.3/2.0/2.1 IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2024-01-26 | CVE-2024-23619 | Use of Hard-coded Credentials vulnerability in IBM Merge Efilm Workstation 4.2 A hardcoded credential vulnerability exists in IBM Merge Healthcare eFilm Workstation. | 9.8 |
| 2024-01-26 | CVE-2024-23620 | Improper Privilege Management vulnerability in IBM Merge Efilm Workstation 4.2 An improper privilege management vulnerability exists in IBM Merge Healthcare eFilm Workstation. | 7.8 |
| 2024-01-26 | CVE-2024-23621 | Classic Buffer Overflow vulnerability in IBM Merge Efilm Workstation 4.2 A buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. | 9.8 |
| 2024-01-26 | CVE-2024-23622 | Out-of-bounds Write vulnerability in IBM Merge Efilm Workstation 4.2 A stack-based buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. | 9.8 |
| 2024-01-22 | CVE-2023-47141 | Unspecified vulnerability in IBM DB2 IIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. | 6.5 |
| 2024-01-22 | CVE-2023-27859 | Unspecified vulnerability in IBM DB2 IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. | 6.5 |